DNS Lookups going to Google DNS even though I have OpenDNS configured?
-
I have put OpenDNS servers as my DNS servers as you can see below:
However I'm still seeing DNS requests coming from my server (unRAID running Plex and various other Dockers) going to Google DNS.
I'm assuming I somewhere in the past configured 8.8.8.8 and 8.8.4.4 as my DNS servers but I can't seem to find it anywhere. The only place I see that 8.8.8.8 and 8.8.4.4 were configured is on my wireless AP that I used to use as my home router (DD-WRT) and now just acts as an AP but my server is not connected to that AP anyway.
Could it be cached DNS?
-
What are you giving to your clients via DHCP? What are the DNS servers configured on client 192.168.4.208?
-
What are you giving to your clients via DHCP? What are the DNS servers configured on client 192.168.4.208?
I have no DNS configured in DHCP so it should be using the default. The static DNS server on 192.168.4.208 is 192.168.4.1 (LAN IP/gateway of pfSense) but I've also tried putting in the OpenDNS server IPs there as well to no avail.
-
Is it possible that there is an application running on .208 that is doing the resolving for whatever reason, like a DNS benchmark for instance?
-
Dude. Those logs say 192.168.4.208 is making requests to google's 8.8.8.8 and 8.8.4.4. and they are being blocked by the rules on the LAN interface.
-
@KOM:
Is it possible that there is an application running on .208 that is doing the resolving for whatever reason, like a DNS benchmark for instance?
Nope, I have nothing that would do any resolving running on .208. It's a linux storage box that just has a few Dockers running (like Plex and a few others but nothing that has any DNS configured).
Dude. Those logs say 192.168.4.208 is making requests to google's 8.8.8.8 and 8.8.4.4. and they are being blocked by the rules on the LAN interface.
That's correct, I purposely am blocking them. The question is why are they making requests to Google?
-
That is a great question for the makers of that box. it has nothing to do with pfSense.
-
That is a great question for the makers of that box. it has nothing to do with pfSense.
I wasn't blaming pfsense I was just looking for some insight from others running pfsense. Being that I'm pretty new to pfsense I wasn't sure if I misconfigured something on it. But I'll look more closely at my server now.
-
dig/drill are your friends
On 192.168.4.208:
You can selectively do DNS queries to various servers:
dig @8.8.8.8 www.google.com
dig @192.168.4.1 www.google.com -
It could also be something as simple as someone running nslookup from the command line and then specifying the Google DNS.
-
@KOM:
It could also be something as simple as someone running nslookup from the command line and then specifying the Google DNS.
I would but it's a linux box. And the dig/drill commands don't appear to be present.
It looks like it's an issue with one of my dockers though so I'm looking into that.
-
I would but it's a linux box.
cough
-
"I would but it's a linux box. And the dig/drill commands don't appear to be present."
Well then install them.. What linux distro are you using that nslookup is not installed?
Last login: Wed Jul 8 12:02:03 2015 from 10.0.8.6
user@ubuntu:~$ nslookup -
"I would but it's a linux box. And the dig/drill commands don't appear to be present."
Well then install them.. What linux distro are you using that nslookup is not installed?
Last login: Wed Jul 8 12:02:03 2015 from 10.0.8.6
user@ubuntu:~$ nslookupIt's an unRAID server which is built off Slackware. But I've determined it's definitely an issue with a particular Docker. I see the nameserver's listed as the Google DNS servers in the Docker's log so it's not even really a Linux issue.
-
But I've determined it's definitely an issue with a particular Docker.
For me, playing detective is the funnest part of the job.
